Most smart cards in use today are flat, rectangular pieces of plastic resembling credit cards having electronic circuitry embedded therein. A typical smart card includes a microprocessor coupled to a memory, and the microprocessor executes instructions and performs operations on data of at least one software application program stored in the memory. The smart card provides a compact and portable computation resource for executing transactions in area such as banking, sales, or security. Smart cards commonly appear in the form of credit cards, key-shaped tokens, and subscriber identity modules (SIMs) used in certain types of cellular telephones.
Many smart cards have a set of electrically conductive contacts arranged on an upper surface. A smart card reader/writer for communicating with such smart cards has a similarly arranged set of electrically conductive contacts. When a smart card is inserted in the smart card reader/writer, corresponding members of the two sets of contacts come into physical contact with one another. The main standards in the area of smart card and reader/writer interoperability are the International Standards Organization (ISO) 7816 standards for integrated circuit cards with contacts. The ISO 7816 standards specify interoperability at the physical, electrical, and data-link protocol levels. Other types of smart cards are “contactless.” In this situation, both the smart card and the smart card reader/writer include wireless communication interfaces for communicating wirelessly (i.e., without electrical contact).
Today, advertising has many complex strategies to determine the best way to deliver advertising. Advertising may be based on a mass mailing with a small probability of success. Alternatively, some advertising may be focused on a target audience using information about the target audience that increases the probability of success. Focused advertising is more complicated because demographic must be accessed and/or collected to provide the information abut the target audience.
U.S. Pat. No. 6,220,510 discloses an a method for conducting multiple smart card operations through an architecture that allows only one application to be executed at a time and further allows for shared processing between two applications by performing a delegation function to the second application.
U.S. Pat. No. 6,216,014 discloses a system for secured independent management of multiple applications by each user of a smart card. Security is achieved by an access control policy to determine whether the data filed to be accessed by an operation is accessible.
U.S. Pat. No. 6,131,090 discloses a method and system for controlled access to information on a smart card that includes a data processing center maintained by a trusted third party for storing a database of authorizations for various service providers to access information pertaining to individuals, and for responding to request by service providers for access from terminals which communicate with the data processing center and smartcards storing the individuals information.
U.S. patent application Ser. No. 10/443,670, entitled “SMART CARD DATA TRANSACTION SYSTEM AND METHODS FOR PROVIDING HIGH LEVELS OF STORAGE AND TRANSMISSION SECURITY” discloses a smart card system for secure transmission of post issuance data to a embedded chip using a chip relay module, a plurality of hardware security modules, a first communication system having two security layers and a second communication system having four security layers.
The first communication system may be considered a server side system and comprises a chip management system, a security server having a first hardware security module, a distribution server having a second hardware security module and a computer system connected by a network The first communication system has a first security layer and a second security layer. The first security layer comprises mutual authentication that makes each component of the first communication system a trusted node to the others through client mutual authentication. The second security layer comprises system keys for secure communication between the hardware security modules.
The second communication system may be considered a client side system and comprises the computer system connected to the distribution server by a network, a PC/SC card reader driver, a Web browser application, and a chip relay module and is for secure communication between the distribution server and the chip of a smart card inserted in the card reader/writer. The second communication system has a third, fourth, fifth and sixth security layer. The third security layer comprises secure communication between the distribution server and the web browser application program using mutual authentication. The fourth security layer comprises session context security using a session key generated between the distribution server and the chip relay module. The fifth security layer comprises a data marker or flag necessary for secure transmissions between the distribution server and the chip. The sixth security layer comprises message authentication code or message authentication code encrypted messages between the distribution server and the chip.
U.S. patent application Ser. No. 10/443,680, entitled “METHOD AND APPARATUS FOR DISPLAYING EMBEDDED CHIP STATES AND EMBEDDED CHIP END-USER APPLICATION STATES,” discloses a method and apparatus for managing applications installed on a smartcard. The invention comprises a Smartcard Management Program (SMP), a User Action Program (UAP), a User Command Program (UCP), an Application Status Update Program (ASUP), and a Card Status Update Program (CSUP). The SMP interfaces with smartcard communications system and accepts the user commands. The UAP obtains applications from external sources, updates the user profile, and transmits the user profile to the user for viewing on a graphical user interface. The UCP breaks the user commands into card actions and application actions and executes the card actions and application actions. The ASUP updates the user profile by changing the entry in an application name column, an application status column, a user action column, and an information column. The CSUP updates the user profile by changing the entry in the card status field.
When a person to whom a smart card is issued (a chipholder) conducts transactions with the smart card in the smart card system involving instructions and data for adding, modifying, or deleting data stored in a chip (a post issuance data transaction), the chipholder has no means to obtain additional information about a particular application being delivered from within a secure session originating at the server. Correspondingly, an Application Provider (AP) does not have a means to extend its marketing channel through the chip management system. The chip management system associates a chipholder with the embedded chip of the chipholder's smart card, and therefore is a potential marketing channel. Moreover, the chip management system provides an opportunity for continuous connectivity between the application provider and the smart card system. The continuous connectivity potentially includes times when the chipholder has not placed his or her smartcard in the smart card system. Therefore, it would be advantageous for the AP to send data related to marketing along with the data content that is targeted to the chipholder. It would be advantageous to use the chip management system as a conduit for application provider data content to the chipholder(s).
Therefore, a need exists for an apparatus and method for a centered interface for chip management, application information, and targeted promotional advertisements. Moreover, a need arises for a way to present data to a chipholder when an entitlement page is presented during any or all post issuance operations.